are allowed access to each cartridge, and only certain users are
allowed to define who has access to that data. 

While the preferred embodiments of the present invention 
have been illustrated in detail, it should be apparent that 
modifications and adaptations to those embodiments may occur to 
one skilled in the art without departing from the scope of the 
present invention as set forth in the following claims. 

1. A portable security system for managing access to a portable
data storage cartridge, said data storage cartridge having data
storage media for storing data for read/write access by a user of
a data storage drive when mounted in said data storage drive,
said portable security system comprising:

a wireless interface mounted in said portable data storage
cartridge for receiving power and data from, and sending data to,
said data storage drive when mounted in said data storage drive;
and

a computer processor mounted in said portable data storage
cartridge and coupled to said wireless interface; said computer
processor powered by said wireless interface and receiving and
transmitting data to said data storage drive via said wireless
interface; said computer processor having a user table comprising
at least a unique user identifier for each authorized user and at
least one permitted activity said user is authorized to conduct
with respect to said data storage media, said user identifier,
when combined with a user authentication message from said
authorized user in accordance with a predetermined algorithm,
authorizes said user; said computer processor receiving said user
authentication messages from said data storage drive via said
wireless interface, combining said user authentication message
with said user identifier from said user table in accordance with
said predetermined algorithm to authorize or deny said user
activity, and transmitting said user authorization or denial to
said data storage drive via said wireless interface.

2. The portable security system of Claim 1, wherein said
wireless interface comprises an RF interface.

3. The portable security system of Claim 1, wherein each said
user identifier comprises a user symbol and a user decrypting
key, wherein said user authentication message comprises an
encrypted user authentication message which may be decrypted by
said user decrypting key, and wherein said computer processor
conducts said combination by decrypting said user authentication
message by said user decrypting key.

4. The portable security system of Claim 3, wherein said user
decrypting key comprises a sender public key, and wherein said
predetermined algorithm comprises a public key cryptographic
algorithm.

5. The portable security system of Claim 4, wherein said user
authentication message is encrypted by a sender private key and a
receiver public key, and wherein said public key cryptographic
algorithm decrypts said user authentication message employing a
receiver private key and said sender public key, whereby said
user authentication message is known to have come from said user.



6. The portable security system of Claim 1, wherein said
computer processor user table permitted activities comprise a
plurality of permitted activities, selected ones of which each of
said users may be authorized to conduct, said permitted
activities comprising 1) read access to data stored in said data
storage media, 2) write access to data stored in said data
storage media, 3) read the user entry of said user table, 4) read
all entries of said user table, 5) add entries to said user
table, and 6) change/delete entries to said user table.

7. The portable security system of Claim 1, wherein said
computer processor user table comprises a separate entry for each
said user identifier and said permitted activity said user is
authorized to conduct.

8. The portable security system of Claim 1, wherein said
computer processor user table comprises a separate entry for each
said user identifier, said entry comprising all said permitted
activities said user is authorized to conduct.

9. The portable security system of Claim 1, wherein said
computer processor additionally comprises a nonvolatile memory
storing said user table.

10. The portable security system of Claim 1, wherein said
computer processor additionally comprises a class table
comprising at least a unique class identifier for each authorized
class of users and at least one permitted activity said class of
users is authorized to conduct with respect to said data storage
media, said class identifier, when combined with a user
authentication message from a user of said authorized class of
users in accordance with said predetermined algorithm, authorizes
said user; and wherein said computer processor additionally, upon
receiving said user authentication messages from said data
storage drive via said wireless interface, combining said user
authentication message with said class identifier from said class
table in accordance with said predetermined algorithm to
authorize or deny said class activity to said user, and
transmitting said class authorization or denial to said data
storage drive via said wireless interface.

11. The portable security system of Claim 10, wherein said
computer processor user table additionally comprises any class
membership of each said user, wherein said user may be authorized
with respect to said class table either by said class
authorization or by said user authorization.

12. The portable security system of Claim 10, wherein said
computer processor user table and said class table permitted
activities comprise a plurality of permitted activities, selected
ones of which each of said users may be authorized to conduct,
said permitted activities comprising 1) read access to data
stored in said data storage media, 2) write access to data stored
in said data storage media, 3) read all entries of said class
table, 4) add entries to said class table, and 5) change/delete
entries to said class table.

13. The portable security system of Claim 10, wherein said
computer processor additionally comprises a nonvolatile memory
storing said user table and said class table.

14. The portable security system of Claim 1, wherein said data
stored in said data storage media is encrypted, wherein said
computer processor user table permitted activities comprise at
least 1) read access to data stored in said data storage media,
and wherein said user authorization for said read access
additionally comprises a decryption key for said encrypted stored
data.

15. A data storage cartridge for storing data for read/write
access by a user of a data storage drive when mounted in said
data storage drive, comprising:

data storage media mounted in said data storage cartridge
for storing said data for said read/write access;

a wireless interface mounted in said portable data storage
cartridge for receiving power and data from, and sending data to,
said data storage drive when mounted in said data storage drive;
and

a computer processor mounted in said portable data storage
cartridge and coupled to said wireless interface; said computer
processor powered by said wireless interface and receiving and
transmitting data to said data storage drive via said wireless
interface; said computer processor having a user table comprising
at least a unique user identifier for each authorized user and at
least one permitted activity said user is authorized to conduct
with respect to said data storage media, said user identifier,
when combined with a user authentication message from said
authorized user in accordance with a predetermined algorithm,
authorizes said user; said computer processor receiving said user
authentication messages from said data storage drive via said
wireless interface, combining said user authentication message
with said user identifier from said user table in accordance with
said predetermined algorithm to authorize or deny said user
activity, and transmitting said user authorization or denial to
said data storage drive via said wireless interface.

16. The data storage cartridge of Claim 15, wherein said
wireless interface comprises an RF interface.

17. The data storage cartridge of Claim 15, wherein each said
user identifier comprises a user symbol and a user decrypting
key, wherein said user authentication message comprises an
encrypted user authentication message which may be decrypted by
said user decrypting key, and wherein said computer processor
conducts said combination by decrypting said user authentication
message by said user decrypting key.

18. The data storage cartridge of Claim 17, wherein said user
decrypting key comprises a sender public key, and wherein said
predetermined algorithm comprises a public key cryptographic
algorithm.

19. The data storage cartridge of Claim 18, wherein said user
authentication message is encrypted by a sender private key and a
receiver public key, and wherein said public key cryptographic
algorithm decrypts said user authentication message employing a
receiver private key and said sender public key, whereby said
user authentication message is known to have come from said user.

20. The data storage cartridge of Claim 15, wherein said
computer processor user table permitted activities comprise a
plurality of permitted activities, selected ones of which each of
said users may be authorized to conduct, said permitted
activities comprising 1) read access to data stored in said data
storage media, 2) write access to data stored in said data
storage media, 3) read the user entry of said user table, 4) read
all entries of said user table, 5) add entries to said user
table, and 6) change/delete entries to said user table.

21. The data storage cartridge of Claim 15, wherein said
computer processor user table comprises a separate entry for each
said user identifier and said permitted activity said user is
authorized to conduct.

22. The data storage cartridge of Claim 15, wherein said computer
processor user table comprises a separate entry for each said
user identifier, said entry comprising all said permitted
activities said user is authorized to conduct.

23. The data storage cartridge of Claim 15, wherein said
computer processor additionally comprises a nonvolatile memory
storing said user table.

24. The data storage cartridge of Claim 15, wherein said
computer processor additionally comprises a class table
comprising at least a unique class identifier for each authorized
class of users and at least one permitted activity said class of
users is authorized to conduct with respect to said data storage
media, said class identifier, when combined with a user
authentication message from a user of said authorized class of
users in accordance with said predetermined algorithm, authorizes
said user; and wherein said computer processor additionally, upon
receiving said user authentication messages from said data
storage drive via said wireless interface, combining said user
authentication message with said class identifier from said class
table in accordance with said predetermined algorithm to
authorize or deny said class activity to said user, and
transmitting said class authorization or denial to said data
storage drive via said wireless interface.

25. The data storage cartridge of Claim 24, wherein said
computer processor user table additionally comprises any class
membership of each said user, wherein said user may be authorized
with respect to said class table either by said class
authorization or by said user authorization.

26. The data storage cartridge of Claim 24, wherein said
computer processor user table and said class table permitted
activities comprise a plurality of permitted activities, selected
ones of which each of said users may be authorized to conduct,
said permitted activities comprising 1) read access to data
stored in said data storage media, 2) write access to data stored
in said data storage media, 3) read all entries of said class
table, 4) add entries to said class table, and 5) change/delete
entries to said class table.

27. The data storage cartridge of Claim 24, wherein said
computer processor additionally comprises a nonvolatile memory
storing said user table and said class table.

28. The data storage cartridge of Claim 15, wherein said data
stored in said data storage media is encrypted, wherein said
computer processor user table permitted activities comprise at
least 1) read access to data stored in said data storage media,
and wherein said user authorization for said read access
additionally comprises a decryption key for said encrypted stored
data.

29. A method for providing a portable secure interface to a data
storage cartridge, said data storage cartridge having data
storage media for storing data for read/write access by a user of
a data storage drive when mounted in said data storage drive, and
a wireless interface mounted in said portable data storage
cartridge for receiving power and data from, and sending data to,
said data storage drive when mounted in said data storage drive,
said data storage cartridge having a user table comprising at
least a unique user identifier for each authorized user and at
least one permitted activity said user is authorized to conduct
with respect to said data storage media, said user identifier,
when combined with a user authentication message from said
authorized user in accordance with a predetermined algorithm,
authorizes said user, said method comprising the steps of:

receiving said user authentication messages from said data
storage drive via said wireless interface;

combining said user authentication message with said user
identifier from said user table in accordance with said
predetermined algorithm to authorize or deny said user activity;
and

transmitting said user authorization or denial to said data
storage drive via said wireless interface.

30. The method of Claim 29, wherein each said user identifier
comprises a user symbol and a user decrypting key, wherein said
user authentication message comprises an encrypted user
authentication message which may be decrypted by said user
decrypting key, and wherein said combining step comprises
decrypting said user authentication message by said user
decrypting key.

31. The method of Claim 30, wherein said user decrypting key
comprises a sender public key, and wherein said predetermined
algorithm comprises a public key cryptographic algorithm.

32. The method of Claim 31, wherein said user authentication
message is encrypted by a sender private key and a receiver
public key, wherein said public key cryptographic algorithm
decrypts said user authentication message employing a receiver
private key and said sender public key, and wherein said
combining step comprises decrypting said user authentication
message by said receiver private key and said sender public key,
whereby said user authentication message is known to have come
from said user.

33. The method of Claim 29, wherein said user table comprises a
plurality of said permitted activities, selected ones of which
each of said users may be authorized to conduct, said permitted
activities comprising 1) read access to data stored in said data
storage media, 2) write access to data stored in said data
storage media, 3) read the user entry of said user table, 4) read
all entries of said user table, 5) add entries to said user
table, and 6) change/delete entries to said user table; and
wherein said transmitting step comprises transmitting
authorization to conduct the selected said user permitted
activities said user is authorized to conduct.

34. The method of Claim 29, wherein said user table comprises a
separate entry for each said user identifier and said permitted
activity said user is authorized to conduct; and wherein said
transmitting step additionally comprises identifying said user
permitted activities from said separate entries.

35. The method of Claim 29, wherein said step of providing said
user table comprises a separate entry for each said user
identifier, said entry comprising all said permitted activities
said user is authorized to conduct; and wherein said transmitting
step additionally comprises identifying said user permitted
activities from said user separate entry.

36. The method of Claim 29, wherein said data storage cartridge
additionally comprises a class table comprising at least a unique
class identifier for each authorized class of users and at least
one permitted activity said class of users is authorized to
conduct with respect to said data storage media, said class
identifier, when combined with a user authentication message from
a user of said authorized class of users in accordance with said
predetermined algorithm, authorizes said user;

wherein said combining step additionally comprises, upon
receiving said user authentication messages from said data
storage drive via said wireless interface, combining said user
authentication message with said class identifier from said class
table in accordance with said predetermined algorithm to
authorize or deny said class activity to said user; and

wherein said transmitting step additionally comprises
transmitting said class authorization or denial to said data
storage drive via said wireless interface.

37. The method of Claim 36, wherein said user table additionally
comprises any class membership of each said user; and wherein
said combining step additionally authorizes said user with
respect to said class table, either by said class authorization or
by said user authorization.

38. The method of Claim 36, wherein said user table and said
class table comprise a plurality of permitted activities,
selected ones of which each of said users may be authorized to
conduct, said permitted activities comprising 1) read access to
data stored in said data storage media, 2) write access to data
stored in said data storage media, 3) read all entries of said
class table, 4) add entries to said class table, and 5)
change/delete entries to said class table; and wherein said
transmitting step comprises transmitting authorization to conduct
the selected said user and said class permitted activities said
user is authorized to conduct.

39. The method of Claim 29, wherein said data stored in said
data storage media is encrypted, wherein said step of providing
said user table permitted activities comprises providing at least
1) read access to data stored in said data storage media, and
wherein said step of transmitting said user authorization for
said read access additionally comprises transmitting a decryption
key for said encrypted stored data.

40. A computer program product usable with a programmable
computer processor having computer readable program code embodied
therein for providing a secure interface to a data storage
cartridge, said programmable computer processor mounted in said
data storage cartridge, said data storage cartridge having data
storage media for storing data for read/write access by a user of
a data storage drive when mounted in said data storage drive, and
a wireless interface mounted in said portable data storage
cartridge for receiving power and data from, and sending data to,
said data storage drive when mounted in said data storage drive,
said computer program product comprising:

computer readable program code which causes said
programmable computer processor to provide a user table
comprising at least a unique user identifier for each authorized
user and at least one permitted activity said user is authorized
to conduct with respect to said data storage media, said user
identifier, when combined with a user authentication message from
said authorized user in accordance with a predetermined
algorithm, authorizes said user;

computer readable program code which causes said
programmable computer processor to receive said user
authentication messages from said data storage drive via said
wireless interface;

computer readable program code which causes said
programmable computer processor to combine said user
authentication message with said user identifier from said user
table in accordance with said predetermined algorithm to
authorize or deny said user activity; and

computer readable program code which causes said
programmable computer processor to transmit said user
authorization or denial to said data storage drive via said
wireless interface.



41. The computer program product of Claim 40, wherein each said
user identifier comprises a user symbol and a user decrypting
key, wherein said user authentication message comprises an
encrypted user authentication message which may be decrypted by
said user decrypting key, and wherein said computer readable
program code additionally causes said programmable computer
processor to conduct said combination by decrypting said user
authentication message by said user decrypting key.

42. The computer program product of Claim 41, wherein said user
decrypting key comprises a sender public key, and wherein said
predetermined algorithm comprises a public key cryptographic
algorithm.

43. The computer program product of Claim 42, wherein said user
authentication message is encrypted by a sender private key and a
receiver public key, wherein said public key cryptographic
algorithm decrypts said user authentication message employing a
receiver private key and said sender public key, and wherein said
computer readable program code additionally causes said
programmable computer processor, in conducting said combination,
to decrypt said user authentication message by said receiver
private key and said sender public key, whereby said user
authentication message is known to have come from said user.

44. The computer program product of Claim 40, wherein said
computer readable program code additionally causes said
programmable computer processor to provide in said user table a
plurality of said permitted activities, selected ones of which
each of said users may be authorized to conduct, said permitted
activities comprising 1) read access to data stored in said data
storage media, 2) write access to data stored in said data
storage media, 3) read the user entry of said user table, 4) read
all entries of said user table, 5) add entries to said user
table, and 6) change/delete entries to said user table.

45. The computer program product of Claim 40, wherein said
computer readable program code additionally causes said
programmable computer processor to provide in said user table a
separate entry for each said user identifier and said permitted
activity said user is authorized to conduct.

46. The computer program product of Claim 40, wherein said
computer readable program code additionally causes said
programmable computer processor to provide in said user table a
separate entry for each said user identifier, said entry
comprising all said permitted activities said user is authorized
to conduct.

47. The computer program product of Claim 40, wherein said
computer readable program code additionally causes said
programmable computer processor:

to provide a class table comprising at least a unique class
identifier for each authorized class of users and at least one
permitted activity said class of users is authorized to conduct
with respect to said data storage media, said class identifier,
when combined with a user authentication message from a user of
said authorized class of users in accordance with said
predetermined algorithm, authorizes said user;

in conducting said combination, upon receiving said user
authentication messages from said data storage drive via said
wireless interface, to combine said user authentication message
with said class identifier from said class table in accordance
with said predetermined algorithm to authorize or deny said class
activity to said user; and

in conducting said transmission, to transmit said class
authorization or denial to said data storage drive via said
wireless interface.

48. The computer program product of Claim 47, wherein said
computer readable program code additionally causes said
programmable computer processor to provide in said user table any
class membership of each said user, wherein said user may be
authorized with respect to said class table either by said class
authorization or by said user authorization.

49. The computer program product of Claim 47, wherein said
computer readable program code additionally causes said
programmable computer processor to provide in said user table and
said class table a plurality of permitted activities, selected
ones of which each of said users may be authorized to conduct,
said permitted activities comprising 1) read access to data
stored in said data storage media, 2) write access to data stored
in said data storage media, 3) read all entries of said class
table, 4) add entries to said class table, and 5) change/delete
entries to said class table.

50. The computer program product of Claim 40, wherein said data
stored in said data storage media is encrypted, and wherein said
computer readable program code additionally causes said
programmable computer processor to provide in said user table
permitted activities comprising at least 1) read access to data
stored in said data storage media, and wherein said computer
readable program code additionally causes said programmable
computer processor to transmit in said user authorization for
said read access a decryption key for said encrypted stored
data.
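
The access decision recited in claims 1, 6, 10 to 12 and 14, sketched as an added Python example; it is not code from the patent. Assumptions: HMAC-SHA256 with a per-entry shared secret stands in for the "predetermined algorithm" (the claims that name one call for public key cryptography), the single-use challenge is an addition the claims do not recite, and every name, identifier and key below is constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import Flag, auto


class Activity(Flag):
    # Permitted activities listed in claim 6 (user table) and claim 12 (class table).
    READ_DATA = auto()
    WRITE_DATA = auto()
    READ_OWN_ENTRY = auto()
    READ_USER_TABLE = auto()
    ADD_USER = auto()
    CHANGE_USER = auto()
    READ_CLASS_TABLE = auto()
    ADD_CLASS = auto()
    CHANGE_CLASS = auto()


@dataclass
class Entry:
    key: bytes            # assumed shared secret, stand-in for the claimed key
    permitted: Activity   # all permitted activities in one entry (claim 8)
    classes: tuple = ()   # class membership, user entries only (claim 11)


def auth_message(key, challenge, identifier, activity):
    """User side: bind the message to this challenge, identity and activity."""
    data = challenge + identifier.encode() + b"|" + activity.name.encode()
    return hmac.new(key, data, hashlib.sha256).digest()


class CartridgeProcessor:
    def __init__(self, users, classes, data_key):
        self.users, self.classes = users, classes
        self._data_key = data_key   # key for the encrypted media (claim 14)
        self._challenge = None

    def new_challenge(self):
        # Assumption, not in the claims: a fresh nonce, so a captured
        # authentication message cannot be replayed through the drive.
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def authorize(self, identifier, activity, message):
        """Return (granted, media_key); media_key only for granted reads."""
        challenge, self._challenge = self._challenge, None  # single use
        entry = self.users.get(identifier) or self.classes.get(identifier)
        if challenge is None or entry is None:
            return False, None
        expected = auth_message(entry.key, challenge, identifier, activity)
        if not hmac.compare_digest(expected, message):
            return False, None
        allowed = entry.permitted
        for class_id in entry.classes:   # user or class authorization
            if class_id in self.classes:
                allowed |= self.classes[class_id].permitted
        if activity not in allowed:
            return False, None
        return True, self._data_key if activity == Activity.READ_DATA else None


def demo():
    # Constructed identifiers and keys, for illustration only.
    users = {
        "alice": Entry(b"alice-secret", Activity.READ_OWN_ENTRY, ("operators",)),
        "bob": Entry(b"bob-secret", Activity.READ_DATA),
    }
    classes = {"operators": Entry(b"ops-secret",
                                  Activity.READ_DATA | Activity.WRITE_DATA)}
    card = CartridgeProcessor(users, classes, data_key=b"media-key")
    def attempt(identifier, key, activity):
        challenge = card.new_challenge()
        msg = auth_message(key, challenge, identifier, activity)
        return card.authorize(identifier, activity, msg)
    return {
        "alice_write_via_class": attempt("alice", b"alice-secret", Activity.WRITE_DATA),
        "bob_read": attempt("bob", b"bob-secret", Activity.READ_DATA),
        "bob_write": attempt("bob", b"bob-secret", Activity.WRITE_DATA),
        "bob_wrong_key": attempt("bob", b"guess", Activity.READ_DATA),
        "class_read": attempt("operators", b"ops-secret", Activity.READ_DATA),
    }
```

The media decryption key leaves the cartridge only with a granted read, and a denial carries no indication of whether the identifier, the message or the permission was at fault.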